User-Centered Security Applied on Management

During the last couple of years information security has become a business problem that concerns not only system operators but also company management. Thanks to the media coverage of recent worms, viruses and DoS attacks (denial of service attacks), the public has been made aware of the threats against companies' and society's information security. Business partners and stakeholders demand good information security if they are going to conduct business with a company, while company management is being held responsible for information security to a higher degree than before. The purpose of this study has been to research how to implement a graphical interface for presenting information security information to management. The major conclusion of the study is that management use this kind of information mainly for financial and strategic matters…

Contents

1. INTRODUCTION
1.1 BACKGROUND
1.2 PURPOSE AND QUESTIONS OF ISSUE
1.3 SIGURU AND THE SIGURU-SOFTWARE
1.4 DELIMITATION
1.5 DEFINITIONS
1.5.1 User-centred security
1.5.2 Usability
1.5.3 Information security
1.5.4 Security information
1.5.5 Acting secure/insecure
1.6 SOURCES
1.7 TYPOGRAPHICAL CONVENTIONS
1.8 STRUCTURE OF THE THESIS
2. THEORY
2.1 PROBLEMS WITH TODAY’S INFORMATION SECURITY SOLUTIONS
2.1.1 Costs
2.1.2 The risk for intrusion
2.1.3 Behaviour
2.2 USER-CENTERED SECURITY
2.2.1 The origin of user-centered security
2.2.2 Education of the users
2.2.3 Motivation of the users
2.2.4 Information Security policies
2.2.5 Management
2.2.6 Monitoring & Surveillance
2.2.7 The Social aspect
2.2.8 The organisational aspect
2.3 GENERAL DESIGN PRINCIPLES FOR INTERFACES
2.3.1 Design principles by Norman
2.3.2 Design principles by Nielsen
2.3.3 Gestalt principles regarding visual perception
2.4 DESIGN PRINCIPLES FOR DEVELOPMENT OF INFORMATION SECURITY APPLICATIONS
2.4.1 Text and pictures
2.4.2 Complexity
2.4.3 The amount of information shown
2.4.4 Teach the users the simple tricks – if it is needed
3. METHOD
3.1 METHODOLOGY
3.1.1 Scientific approach
3.1.2 Qualitative and Quantitative data
3.1.3 Interviews
3.1.4 Task log
3.2 SEQUENCE OF WORK
3.2.1 Literature study
3.2.2 Interviews
3.2.3 Lo-fi prototyping
3.2.4 User tests on the lo-fi prototype
3.2.5 Hi-fi prototyping
3.2.6 User tests on the hi-fi prototype
4. RESULTS
4.1 INTERVIEWS
4.1.1 Information of special concern to get an overview of information security
4.1.2 Information security information for management
4.1.3 Resources for information security
4.1.4 Information security problems
4.1.5 Information Security incidents
4.1.6 Information security policy
4.1.7 Problems with today’s solutions
4.1.8 What the users need to know when using an organisations network
4.1.9 Threats
4.1.10 Responsibility for information security
4.2 SCENARIO
4.3 LO-FI PROTOTYPE
4.4 USER TESTS AND INTERVIEWS ON THE LO-FI PROTOTYPE
4.4.1 Overall
4.4.2 Inventory
4.4.3 Strategic and financial decision
4.4.4 The amount of information
4.5 USER TESTS AND INTERVIEWS ON THE HI-FI PROTOTYPE
4.5.1 Overall
4.5.2 Inventory
4.5.3 Resources
4.5.4 Trends
4.5.5 Strategic and financial decision
4.5.6 The amount of information
4.5.7 User Co-operation
4.5.8 The type of information
5. DISCUSSION AND CONCLUSIONS
5.1 THE INTERFACE
5.2 WHY DO PEOPLE ACT INSECURE?
5.2.1 Can the interface and the software prevent people from acting insecure?
5.3 MONITORING THE USERS
5.4 THE MANAGEMENT’S MENTAL MODEL OF INFORMATION SECURITY
5.4.1 What kind of information is useful for the target users?
5.4.2 Design heuristics for user centered security design with management as target users
5.5 EVALUATION OF THE CONCEPT
5.6 METHOD CRITICISM
5.6.1 Validity
5.6.2 Reliability
6. FUTURE RESEARCH
REFERENCES

Author: Bäckström, Johannes

Source: Linköping University
